Lucene search

PRIOn knowledge basePRION:CVE-2023-24530

HistoryFeb 14, 2023 - 4:15 a.m.

Code injection

2023-02-1404:15:00

PRIOn knowledge base

www.prio-n.com

code injection

sap businessobjects

cmc

authenticated user

network execution

confidentiality impact

integrity impact

availability impact

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.3%

JSON

SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application.

CPENameOperatorVersion
businessobjects_business_intelligence_platformeq420
businessobjects_business_intelligence_platformeq430

CPE	Name	Operator	Version
	businessobjects_business_intelligence_platform	eq	420
	businessobjects_business_intelligence_platform	eq	430

References

launchpad.support.sap.com/

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html